github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta.git synced 2025-03-12 04:35:23 -07:00
Code Issues Packages Projects Releases Wiki Activity

Restrict v-make-tmp-file to tmp folder

Browse Source 
Thanks to @hestiacp and @jaapmarcus
This commit is contained in:
myvesta 2021-03-14 19:09:10 +01:00 committed by GitHub
parent 16b33262af
commit fdc6e191c2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions

2
web/api/index.php

@ -116,7 +116,7 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
// Check command
if ($cmd == "'v-make-tmp-file'") {
// Used in DNS Cluster
$fp = fopen($_POST['arg2'], 'w');
$fp = fopen('/tmp/'.basename($_POST['arg2']), 'w');
fwrite($fp, $_POST['arg1']."\n");
fclose($fp);
$return_var = 0;